求教一个问题 急!!!

xiachunmen

服务器疑遭攻击
tomcat日志如下
=====*********======
ip=222.170.170.243
Request URI: /web/index.jsp
referer=null
=====*********======
=====*********======
ip=175.43.125.19
Request URI: /web/index.jsp
referer=null
=====*********======
=====*********======
ip=220.181.118.154
Request URI: /web/home/product_check.jsp
referer=null
=====*********======
=====*********======
ip=124.228.138.16
Request URI: /web/index.jsp
referer=http://www.baidu.com/s?wd=%C1%A2%B0%EE%B9%D9%B7%BD%CD%F8%D5%BE&word=%C1%A2%B0%EE%B9%D9%B7%BD%CD%F8%D5%BE&tn=sitehao123&oq=%C1%A2%B0%EE&rsp=1&f=3
=====*********======
=====*********======
ip=123.175.18.121
Request URI: /web/index.jsp
referer=null
=====*********======
nippon_NumActive=0
=====*********======
ip=203.208.60.213
Request URI: /web/home/pro_view.jsp
referer=null
=====*********======
=====*********======
ip=112.251.231.159
Request URI: /web/index.jsp
referer=null
=====*********======
=====*********======
ip=222.138.197.235
Request URI: /web/index.jsp
referer=null
=====*********======


现在要取到 ip=....和referer=null 这两行信息以做判断
求教怎么才能取到阿
环境是bash的  centOS5.5系统
谢谢了

yinyuemi

回复 1# xiachunmen


    grep -P "^(?=ip|refer)"

南极雨

回复 1# xiachunmen


        sed -n '/ip/p;/refer/p'

sed -n '/ip/{!d;p};/refer/{!d;p}'

rdcwayx

找出所有怀疑的IP

1. awk 'BEGIN{RS="====*";FS="\n"} /referer=null/{print $2}' infile

复制代码

这个可以排序找出最多数量的IPs.

1. awk 'BEGIN{RS="====*";FS="\n"} /referer=null/{a[$2]++}END {for (i in a) print a[i],i|"sort -n"}' infile

复制代码